Lecture 7

Question 1

A threat that exploits various vulnerability to spread malicious payloads is called what?

Answer 1

Malicious code

Question 2

People who are extremely skilled software developers and develop maliciuos code are called what?

A. Skilled malicious code programmers
B. Script kiddies

Answer 2

A. Skilled malicious code programmers

Question 3

A person that uses existing and well known techniques and programs or scripts are called what?

A. Skilled malicious code programmers
B. Script kiddies

Answer 3

B. Script kiddies

Question 4

Macro virus uses what?

Answer 4

script functionality

Question 5

This virus is stored is stored in the MBR and another location in the system.

Answer 5

master boot record (MBR) virus

Question 6

This virus type infects executable files and triggers when the OS tries to execute them.

Answer 6

File infector virus

Question 7

Why are there fewer UNIX viruses?

Answer 7

they are developed on entirely different kernels make it difficult to write a virus that would impact a large number of UNIX systems

Question 8

Signature based antivirus works how?

Answer 8

Use a database of known signatures to find a virus

Question 9

A virus that uses more than 1 propagation technique is called what?

A. Stealth
B. Multipart
C. Hidden
D. Rootkit

Answer 9

B. Multipart

Question 10

What type of virus hides by tampering with the OS?

A. Stealth
B. Multipart
C. Hidden
D. Polymorphic

Answer 10

A. Stealth

Question 11

This virus modifies its code as it moves from system to system.

A. Stealth
B. Multipart
C. Polymorphic
D. Rootkit

Answer 11

C. Polymorphic

Question 12

This virus encrypts their code with different cryptographic keys to avoid detection.

A. Stealth
B. Encrypted
C. Polymorphic
D. Rootkit

Answer 12

B. Encrypted

Question 13

What is a logic bomb virus?

Answer 13

It lies dormant until a specific trigger is met..Can be time or a particular action being performed

Question 14

What time of virus looks benign but is really malicious?

Answer 14

Trojan Horse

Question 15

What is a worm?

Answer 15

Malicious code that can self propagate.

Question 16

The code red worm did 3 things. What were they?

Answer 16

Look for vulnerable versions of IIS
Defaced html pages on the local web server
planted a logic bomb

Question 17

This worm searched for a Siemans controller to disrupt nuclear facilities by destroying the centrifuge.

Answer 17

Stuxnet

Question 18

This type of malicious code monitors your actions and collects information and transmits it back to a remote system.

Answer 18

Spyware

Question 19

What are the three key places to implement countermeasures of malicious code?

Answer 19

Clients
Servers
Content filters (ex: email)

Question 20

This type of DDos compromised third party systems to install a program and lies dormant waiting for instruction.

A. Syn Flood
B. Trinoo and Tribe Flood Network
C. Smurf
D. Teardrop

Answer 20

B. Trinoo and Tribe Flood Network

Question 21

This attack uses one or more third party newtorks to conduct an attack.

A. Syn Flood
B. Trinoo and Tribe Flood Network
C. Smurf
D. Teardrop

Answer 21

C. Smurf (distributed reflective denial-of-service attack) (DRDos)

Question 22

A DNS amplification attack is used to what?

Answer 22

Send a large volume of unwanted traffic to a third party.

Question 23

this type of attack is where a fragmented packet is sent that does not conform to the fragmentation protocol specification. The system doesn’t know how to handle this and can crash.

Answer 23

Teardrop

Question 24

This type of attack occurs when an artificial TCP segmnt has the SYN flag set and the source and destination IP are set to the victim machine.

Answer 24

Land attack

Question 25

An attack where a ping packet is sent with a size over the alloted size (65,536).

Answer 25

Ping of Death

Question 26

When a developer does not properly program input validation this attack can occur.

Answer 26

buffer overflow

Question 27

When a program checks the access permission too far in advance of a resource use this issue can occur. A. buffer overflow B. Land attack C. TOC/TOU D. teardrop

Answer 27

C. TOC/TOU

Question 28

An undocumted access mechanism to bypass normal access restrictions. Developers may use them.

Answer 28

trapdoor/backdoor

Question 29

These are used to allow attackers to gain expanded access to a system.

Answer 29

Rootkit

Question 30

this type of attack on web applications injects client-side scripts into webpages. A. SQL injection B. Cross-site Scripting (XSS)

Answer 30

B. Cross-site Scripting (XSS)

Question 31

This occurs when an attacker inserts their own SQL code into the input field to affect the underlying database. A. SQL injection B. Cross-site Scripting (XSS)

Answer 31

A. SQL injection

Question 32

A reconnaissance attack that tries to gather IP information about an organization. Can use ping sweep. A. Port Scan B. Vulnerability scan C. Ip Probe D. Dumpster Diving

Answer 32

C. Ip Probe

Question 33

Performing a scan to find open or used ports in an environment. A. Port Scan B. Vulnerability scan C. Ip Probe D. Dumpster Diving

Answer 33

A. Port Scan

Question 34

A tool to find specific vulnerabilities on a potential target system. A. Port Scan B. Vulnerability scan C. Ip Probe D. Dumpster Diving

Answer 34

B. Vulnerability scan

Question 35

This attack analyzes waste to gain intelligence that might help launch an attack. A. Port Scan B. Vulnerability scan C. Ip Probe D. Dumpster Diving

Answer 35

D. Dumpster Diving